Thursday, 2011-09-01

*** Joins: paulf (7346ad2a@gateway/web/freenode/ip.115.70.173.42)		00:22
paulf	hi	00:23
*** Quits: paulf (7346ad2a@gateway/web/freenode/ip.115.70.173.42) (Client Quit)		00:23
*** Quits: kirillka (~Miranda@75-193-55-95.baltnet.ru) (Quit: kirillka)		00:40
*** Joins: kirillka (~Miranda@195.242.142.17)		01:02
*** Quits: brucelee (~adsfasdf@c-67-160-201-8.hsd1.ca.comcast.net) (Read error: Connection reset by peer)		02:20
*** Joins: brucelee (~adsfasdf@c-67-160-201-8.hsd1.ca.comcast.net)		02:21
*** Joins: soustruh (~Miranda@ip-86-49-121-75.net.upcbroadband.cz)		02:31
*** Quits: siebrand (~siebrand@5353A6DC.cm-6-4c.dynamic.ziggo.nl) (Quit: siebrand)		02:38
*** Joins: dregad (~dregad@wwwgate1.merck.de)		03:11
*** Joins: siebrand (~siebrand@188.200.34.66)		03:16
*** Joins: Arvidius (~Arvidius@188.201.221.57)		03:26
Arvidius	hey	03:27
Arvidius	I have a question regarding mantis	03:27
Arvidius	I installed it on my webserver and I really like it but I'm missing 1 feature	03:27
Arvidius	is it possible to set a deadline for every bug that is added?	03:28
Arvidius	an to remember the owner of the bug if the deadline is getting close?	03:28
dregad	Arvidius: setting deadline --> yes	03:33
dregad	reminder - not sure, I don't use this feature	03:33
*** Quits: Arvidius (~Arvidius@188.201.221.57) (Ping timeout: 264 seconds)		03:33
*** Joins: Arvidius (~Arvidius@188.201.221.57)		03:36
dregad	check $g_due_date_update_threshold and $g_due_date_view_threshold	03:36
Arvidius	I am sorry, I do not really understand?	03:37
dregad	these are options you can set in config_inc.php	03:38
dregad	by default the threshold is NOBODY meaning the feature is disabled	03:38
Arvidius	ok, and with those options set I can use the feature I am looking for?	03:39
dregad	it enables a due-date field which I think is what you need	03:39
dregad	does not handle the notification though - don't think that Mantis can do that, you might have to setup a custom cron job	03:40
Arvidius	thanks, I will try that :-)	03:40
*** Quits: Arvidius (~Arvidius@188.201.221.57) ()		03:43
*** Quits: Cesare (~Adium@creati59.lnk.telstra.net) (Quit: Leaving.)		03:55
*** Joins: fredcooke (~fred@131.2.221.87.dynamic.jazztel.es)		04:22
*** Joins: asm89 (~asm89@unaffiliated/asm89)		04:27
*** Joins: paul__ (52c6fa03@gateway/web/freenode/ip.82.198.250.3)		04:28
paul__	moo	04:28
dhx1	paul__: hey	04:30
paul__	lo	04:30
paul__	I ran appscan over my codebase last week, and over 1.2.7 yesterday - i.e. http://www-01.ibm.com/software/awdtools/appscan/	04:31
dhx1	paul__: any results?	04:35
paul__	a bunch of invalid stuff, and some stuff that needs fixing basically	04:38
paul__	i'm at work atm, that's at home	04:38
dhx1	XSS?	04:40
paul__	ya	04:40
dhx1	hmmm	04:40
dhx1	can you email me a copy when you get home?	04:40
dhx1	I can't wait to kill off 1.2.x...	04:40
dhx1	and for more browsers to support X-Content-Security-Policy... and then eventually, a version of MantisBT that has proper layout/content separation	04:41
dregad	hi	04:48
dregad	you guys seen this ? https://www.htbridge.ch/advisory/multiple_vulnerabilities_in_mantisbt.html	04:48
paul__	yea	04:50
paul__	not seen what though	04:50
paul__	wouldn't be surprised if i've already found the bugs with the scans i've done though	04:50
dhx1	why are security firms so useless at talking to open source projects?	04:50
dregad	according to their policy, they would have sent a detailed e-mail	04:50
dregad	but question is, to whom...	04:51
dhx1	maybe Victor	04:51
dhx1	it's happened before	04:51
*** Quits: asm89 (~asm89@unaffiliated/asm89) (Quit: reboot)		04:51
dregad	Funny, that company's based in Geneva, less than 1 km away from my office	04:52
dhx1	LFI is bad... if it's true	04:52
dhx1	sounds similar to http://www.mantisbt.org/bugs/view.php?id=12607	04:52
dregad	LFI ? which one do you mean http://en.wikipedia.org/wiki/LFI	04:53
*** Joins: asm89 (~asm89@unaffiliated/asm89)		04:53
dhx1	dregad: http://en.wikipedia.org/wiki/Local_File_Inclusion	04:54
dhx1	oh nm, htbridge posted a bug	04:55
dregad	just saw it	04:56
dhx1	oooh yeah that's bad	04:57
dhx1	or maybe not (on nginx) because you can't traverse upwards from a file	04:58
asm89	what is that appscan? sounds like a nice tool	04:58
dhx1	hmmm why is document.cookie working on mantisbt.org? HttpOnly is meant to be turned on :grrr:	05:00
dhx1	oh, it's only supported for PHP > 5.2.0	05:01
paul__	1/2+others i've already found + fixed	05:08
asm89	paul__: is that ibm tool a tool you use @work?	05:11
dhx1	paul__: I'll beat you to it :)	05:13
dregad	dhx1: especially if paul__ forgets to push ::grin::	05:16
dhx1	haha	05:16
*** Quits: CIA-33 (~CIA@cia.atheme.org) (.net .split)		05:40
*** Joins: CIA-33 (~CIA@cia.atheme.org)		05:42
paul__	asm89: not exactly ;p	05:59
paul__	but a tool I can get access to	06:00
asm89	ah nice :)	06:01
paul__	I plan to push the fixes i've found from said tool and send an email to list within next 12 hours	06:03
paul__	once those are pushed will take a look to see if those fixes have already covered the issues htbridge report	06:04
dregad	paul__ coordinate your work with dhx as I'm sure is already on the htbridge report...	06:15
paul__	well, as I say, I think some of the htbridge issues i've already identified	06:16
paul__	I was planning on posting an advisory type of mail about the issues that appscan threw up once i'd checked them all out	06:16
dhx1	I'll have those htbridge vulnerabilities patched up shortly	06:21
paul__	dhx1: please dont	06:21
dhx1	and then I'll wait for yours (if they're different)	06:21
paul__	as I've already fixed them	06:21
dhx1	I'm doing them right :)	06:21
paul__	I think	06:21
GitHub25	[mantisbt] davidhicks pushed 1 new commit to master: http://git.io/4ShkWg	07:29
GitHub25	[mantisbt/master] Fix #13282, #13283: bug_actiongroup_ext_page.php LFI and XSS - David Hicks	07:29
GitHub141	[mantisbt] davidhicks pushed 1 new commit to master-1.2.x: http://git.io/guFs7Q	07:29
GitHub141	[mantisbt/master-1.2.x] Fix #13282, #13283: bug_actiongroup_ext_page.php LFI and XSS - David Hicks	07:29
*** Joins: tsnfoo (~fulekia@ws-imac27.test.denison.edu)		08:52
*** Joins: daryn (~daryn@h158.249.190.173.static.ip.windstream.net)		09:00
*** Quits: kirillka (~Miranda@195.242.142.17) (Quit: kirillka)		09:59
*** Quits: paul__ (52c6fa03@gateway/web/freenode/ip.82.198.250.3) (Quit: Page closed)		11:15
*** Quits: asm89 (~asm89@unaffiliated/asm89) (Quit: bye)		11:19
*** Quits: soustruh (~Miranda@ip-86-49-121-75.net.upcbroadband.cz) (Quit: visit http://wormscesky.cz)		12:39
*** Quits: siebrand (~siebrand@188.200.34.66) (Quit: siebrand)		13:35
*** Joins: Phileas1 (~Phileas1@56.110.63.81.cust.bluewin.ch)		14:23
*** Joins: JonMarkGo (~Jon@ool-18bfe16f.dyn.optonline.net)		14:50
*** Quits: Phileas1 (~Phileas1@56.110.63.81.cust.bluewin.ch) (Quit: ChatZilla 0.9.87 [Firefox 3.6.20/20110803131630])		15:46
*** Joins: siebrand (~siebrand@5353A6DC.cm-6-4c.dynamic.ziggo.nl)		16:47
*** Joins: soustruh (~Miranda@ip-86-49-121-75.net.upcbroadband.cz)		17:18
*** Parts: fredcooke (~fred@131.2.221.87.dynamic.jazztel.es) ("ISON zyp shaggymane dcramer `CHR1S1 TekniQue `CHR1S seank_ gurov rxKaffee kb1gtt1 obi-lan Lev8n TekniQue_ tomi_ge seank-efi Milosch hena pinztrek obi-lan_ jr- pieloverr djandruczyk gufi BassGuy sry_not4sale Evie johntramp Quan-Time Evie\|shell Evie^2 piimae diy")		17:19
*** Quits: daryn (~daryn@h158.249.190.173.static.ip.windstream.net) (Quit: Ex-Chat)		17:28
*** Quits: soustruh (~Miranda@ip-86-49-121-75.net.upcbroadband.cz) (Quit: visit http://wormscesky.cz)		18:40
*** Joins: Cesare (~Adium@creati59.lnk.telstra.net)		19:21
*** Quits: micahg (~micahg@ubuntu/member/micahg) (Read error: Connection reset by peer)		19:56
*** Joins: micahg (~micahg@ubuntu/member/micahg)		19:57
*** Quits: scribe9343423 (~scribe934@static.96.23.63.178.clients.your-server.de) (Remote host closed the connection)		20:00
*** Joins: scribe9343423 (~scribe934@static.96.23.63.178.clients.your-server.de)		20:00
*** Quits: micahg (~micahg@ubuntu/member/micahg) (Read error: Operation timed out)		20:55
*** Joins: micahg (~micahg@ubuntu/member/micahg)		20:57

Generated by irclog2html.py 2.9.2 by Marius Gedminas - find it at mg.pov.lt!